"Ron Reaugh" <ron-reaugh@worldnet.att.net> wrote in message news:5yJcb.153080$0v4.11404861@bgtnsc04-news.ops.worldnet.att.net...

> This new hijacking behavior involves overwriting the Windows HOSTS file and
> apparently it's BackWeb code. It hijacks all searches to some brand-X
> search site and apparently BackWeb contains some anti SpyBot code also.

> My Google research found that
> apparently some code by the BackWeb folks, which is immediately attacked by
> SpyBot and less so be AdWare, is the culprit.

Some bad stuff *uses* the BackWeb application
Some good stuff also does.
Each thing using the application has registry settings which
may have been messed with by you and Spybot

> Anti-Virus folks need to be lilly white and avoid all appearances of nasty
> involvements. The freeze up of that XP Pro machine was due to the
> interaction of SpyBot and ANOTHER VERSION of BACKWEB THAT F_SECURE FOLKS
> EMBED IN THEIR TRIALWARE. That interaction caused me hours of hand
> debugging and uninstalling in safe-mode to regain operability on that XP Pro
> workstation.

Not all BackWeb applications are bad things, Spybot IIRC warns
of problems the user may incur.

The hijacker is the culprit I think, not Spybot or F-Secure.

> The fact that F-Secure installed BackWeb, which attacks Spybot, on that XP
> Pro machine without user permission constitutes a complete impeachment of
> F-Secure as a reputable security company.
>
> BLACKLIST if not prosecute F-SECURE.
>
> Prosecute anyone over-writing the file HOSTS without premission.

I laughed, I cried, I grabbed another beer.

Are you saying that the BackWeb application attacks Spybot, and
the HOSTS file has BackWeb code? ~ nevermind...

Spybot must be used with caution.